Looking for a little help.
I have just had a external audit for re-certification due to the last company we used for external audits not doing the storage and distribution standard any longer.
I have a minor non conformity, and it states "whilst security procedures are in place, a documented security risk assessment was not available" ( because we don't have one)
The question I have is, where the hell do I start, what needs to be included and how do I go about getting this in place.
Would anyone have a template that I could use?
I really do not know where to start with this and would appreciate any help that any of you could give me.
Many thanks in advance.